In this workshop, you will learn about two of the most important technologies shaping our future, Artificial Intelligence and Blockchain technology. You will then learn how to use the Futurecasting process to model, plan, and build future experiences, including some that are a built around AI and Blockchain. While it does discuss some technical topics at a high level, this workshop is open and accessible to anyone and everyone. Sign up today to boost your knowledge on both AI and Blockchain, and to learn new techniques that will enable you to imagine, plan and build the future.

Artificial Intelligence: How AI will reshape every business, including yoursArtificial intelligence (AI) is a profoundly important set of technologies that are already shaping the way we live our lives, and the ways that businesses operate. As the second era of computing, AI will have as profound of an effect on business and society as did electrification and traditional digital computers. Over the next decade, AI will transform all our lives and will reshape every industry. AI will power autonomous vehicles, smart robots, drones, virtual assistants, and chatbots. It will manage our smart cities, power sentient factories, and oversee our smart energy grids. AI will turbo-charge medical diagnosis, revolutionize customer service, and aid in the discovery of new materials and new pharmaceuticals. AI will reshape every business process, and could reshape the structure of every team. The HR Director and CIO of every company will need to become best friends as IT and HR co-own a blended human-machine labor force. Every IT person needs to understand the capabilities, limitations, and implications of artificial intelligence, no matter their level of technical acumen. This session explains what Artificial Intelligence is and how it can be used. Attendees will then review the main concepts of AI: artificial neural networks, deep learning, supervised learning, unsupervised learning, reinforcement learning, and generative adversarial networks. Finally, the session will explore how AI may develop in the future, and how it will require a rethinking of every workflow, and every workplace.

Blockchain beyond crypto-currencies: Your foundation to create new business valueCrypto-currencies like Bitcoin are just one of the many applications that can be built on top of Blockchain technology. Blockchain has rapidly become a valuable platform for new value creation across a wide range of industries. Heavyweights like IBM, Walmart, Accenture, Intel, and Bank of America are all placing big bets in this area. Over the last thirty years, we have moved from the client-server era, through the cloud computing era, and now with Blockchain to the era of distributed applications. Blockchain technology removes the need for central authorities, creates trust in a trestles world, reduces transaction costs, and dramatically improves traceability. In this session, you’ll cover Blockchain basics, understand why Blockchain technology is so disruptive, and learn how distributed applications (dApps) enable a new innovation paradigm that brings with it new funding and collaboration models. You’ll then look at examples of how Blockchain is already being used to solve problems in a wide range of industries, from real-estate to supply chain, and healthcare to energy. Be sure that you are prepared to take full advantage of the increased levels of trust, privacy, traceability, and data security made possible by Blockchain technology. Every IT person needs to understand the implications of this technology to their business.

Futurecasting WorkshopIn this workshop, you’ll learn all the main steps of the Futurecasting process, a proven foresights process developed by futurist, Brian David Johnson. You will then practice each of these major steps—trend synthesis, personas, rapid futurecasting, science fiction prototyping, and backcasting—and start to develop some plans for the future. Some of these plans will build upon what you learned during the two morning sessions focused on AI and Blockchain. In addition to using Rapid Futurecasting to design simple experiences that you may wish to create, you will also consider the investments, partnerships, R&D effort, and talent plans you might need to succeed. “The best way to predict the future is to design it”. So said engineer, inventor, and futurist Buckminster Fuller. Similar statements have been credited to Alan Kay, Peter Drucker, and even Abraham Lincoln. The bottom line is that in order to seize a leadership position in any market, a company needs to take an active role in defining the future that they want to build, and then develop a comprehensive plan to build that imagined future. Attend this workshop to learn how to deploy the Futurecasting process at your company, or perhaps in your own life, as a way to help you model, plan, and then build the future that you want.

8:00 am

SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework

The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

This innovative education and training program includes the following key elements:

An introduction to the key components of the NIST Cybersecurity Framework

How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy

An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications

How to use the framework to protect critical information assets

A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program

A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

The class will help individuals and organizations acquire knowledge, skills and abilities to:

Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment

Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework

Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed

Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps

Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps

Identify required workforce skills and develop career pathways for improving skills and experience

About the Instructor – Larry Wilson:

Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017

Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation

Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years

Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

There are several courses which teach insider threat program development. While the methods and controls taught are very comprehensive and effective, often-times they can also be bypassed.

Learn how the controls of your current security program can be bypassed by utilizing routine IT procedures. Will also show how to identify business processes which can contribute to insider threats. Learn how to enhance procedures required to identify insider threat exposures.

This program is designed to help organizations identify existing critical controls needed to develop an Insider Threat Program using a white hat hacking methodology.

A series of live demonstrations will be performed to show the white hat hacking techniques used to bypass various controls.

Learning Objectives:

Learn the methodologies utilized by individuals within the organization that would be defined as insider threat activity.

A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape. The US legal framework for cybersecurity and data privacy continues to evolve, trying to stay abreast of the ever evolving and changing technologies. In the past year, State and Federal regulatory changes have altered the legal and compliance oblgiations of many companies across a variety of industries. Additionally, the courts are starting to adopt opinions that are placed more liability on companies for the protection of sensitive personal data. This presentation will provide an overview of key regulatory and legal changes both at the State and Federal level and discuss how companies should prepare to meet these evolving obligations.

8:30 am

The March of the Chain Gang: Understanding Security Risk in Integrated Blockchain Solutions

The next generation of blockchain solutions will integrate AI, tokenization, smart contracts, and IoT. Each of these ingredients presents cyber risk that must be addressed when developing this new technology. Understanding how these technologies work together is essential for developing a framework to identify and address security vulnerabilities. This presentation will use a proposed integrated block chain use case to help the attendees identify and evaluate security issues as block chain evolves and integrates these other technologies.

8:30 am

Fired for Failing to Forward an Email: My Personal Story of the 2017 Equifax Data Breach

In September 2017 Equifax reported that its systems had been attacked and criminals had accessed the personal information of 148 million US consumers. Graeme Payne, who was a senior IT executive at the time of the breach, was terminated from Equifax in October 2017 “for failing to forward an email regarding an Apache Struts vulnerability.” Several investigations were launched following the data breach. Over the last 12 months, Graeme has testified in many of the investigations regarding the Equifax Data Breach.

Graeme will share his personal story living through this breach and its aftermath. He will share key lessons that should be applicable to anyone involved in managing IT and cybersecurity.

9:00 am

Exhibit Floor Open

Registration Level:

Open Sessions

9:00 am - 3:00 pm

Location / Room: Exhibitor Floor

This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

9:30 am

OPENING KEYNOTE — Going Digital: Building Your Strategic Roadmap for the Next Wave of Digital Transformation

The next major wave of digital transformation will integrate the physical parts of your business even more intimately with the digital world, using sensors, analytics, artificial intelligence, robotics, augmented reality, 5G networking, and blockchain technology. In this talk, former Intel futurist Steve Brown presents a fast-paced, fun exploration of what it will mean to “go digital” in the next decade, and reviews the business and security strategies we will need to navigate the road ahead.

The National Association of Corporate Directors (NACD) has published guidance to its members on what to ask company CISOs to get an understanding of the security of the organization they have oversight responsibilities for. NACD trains board members, but who trains the CISOs? This presentation is a primer on the NACD Cyber-Risk Oversight Handbook and it has some help to for the CISO who gets on the Board of Directors Hot Seat.

11:15 am

Vetting Your Vendors: Understanding the “Chain of Control” of Data, Security Pitfalls in Third-Party Contracts, and Service Agreements

One of the most important considerations in cybersecurity does not involve your own direct network security; it involves your partners and vendors. In the world of cybersecurity, you are only as strong as the weakest link in your vendor chain. The ease, convenience, and cost effectiveness of outsourcing certain business functions frequently overshadows the potential pitfalls lurking in using outside third-parties and vendors. This presentation will discuss the steps your organization needs to take to ensure that any partners or vendors with access to your network systems or company data are meeting (at least) a minimum level of security requirements.

An organization needs to adequately assess its partners’ and vendors’ cybersecurity “maturity” and create a dialogue of security with each of them. Further, a full understanding of the contractual liabilities regarding the security of the vendor will allow the company and the vendor to fully understand the vulnerabilities in their business agreement. Cybersecurity is a growing problem; the only way to truly understand the threats and vulnerabilities is to to understand your systems and those of your vendors.

State, Local, Tribal and Territorial (SLTT) governments face the threat of continuous cyber-attacks from numerous groups with different intentions to disrupt their ability to provide services and support to citizens. Citizens trust an rely on their governments to provide and maintain services that they rely on for essential life sustainment and emergencies. In recent decades research and investments in technology to enhance methods, solutions, and equipment have improved service delivery and emergency response operations provided by governments.
SLTTs have adopted and embraced advanced technology solutions that increased and improved their capabilities to provide essential and emergency services to their citizens. The effective management and security of these critical services are under constant scrutiny, and even the smallest system failure may be unacceptable to citizens and erode their trust in government. Several studies have shown that cybersecurity programs at the SLTT level receive varying support to ensure security and reduce the risk of compromise. How can budget constrained, understaffed, and low skilled employees of SLTTs establish, maintain and protect the security of their critical information (CI) systems reducing risk and avoiding failures due to cyber-attack? Security professionals, Chief Information Officers (CIO) and Chief Information Security Officers (CISO) are often placed in frustrating positions that limit their options to reduce risk because they are resource constrained. Implementing cybersecurity and risk frameworks that offer foundations to build stakeholder awareness, increase funding, establish needed enforcement authorities can identify gaps, reduce frustration and boost confidence in programs. Combining these basic frameworks with continuous improvement through leadership, information sharing, and partnership building has proven successful in industry cybersecurity programs and can work in SLTTs.

We will review recent surveys with dozens of organizational leaders regarding security awareness, covering a lot of topics including: what works, what doesn’t, what is needed, what is the perceived risk, what is their exposure, and what are the potential gains.

This presentation will cover aspects of security that should be top of mind for every CISO. We will dive into what makes an effective program and how to set the program up for success. This includes reviewing program basics, how to use threat intelligence and incorporating SOAR, and the importance of being active in public policy. The material promises to be thought-provoking and a call to action, giving you specifics that you can implement when you return to work.

1:15 pm

Panel: Building a Better Mouse Trap (Emerging Threats)

Registration Level:

Open Sessions

1:15 pm - 2:15 pm

Location / Room: Keynote Theater

To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.Panelists:Yasser Fuentes, Bitdefender
Jay Miller, Red Seal
Brandon Meyer, enSiloModerator: Larry Wilson

Security & IT professionals often are called upon to review the requirements inside Legal Agreements. We aren’t lawyers, and sometimes getting through the verbiage can be a challenge. This presentation takes a look from the Non-Lawyer’s perspective and will give you a new way of looking at ‘Legalese’ and how it affects your daily life on the job. It isn’t true steganography, but you’ll find a lot of “Hidden Language” hiding in MNDAs and Agreements we use every day.

2:15 pm

Conference Break / Exhibitor Product Demonstration

Registration Level:

Open Sessions

2:15 pm - 3:00 pm

Location / Room: Exhibitor Floor

Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

Interested in your local associations? Join ISSA for a chapter meeting and guest presentation. This session is open to all attendees.Presentation:
Factor Analysis of Information Risk (FAIR) is the leading methodology for Quantitative Risk Analysis for cybersecurity and operational risk used by 30% of Fortune 1000 organizations. It provides technology, information risk, cybersecurity, finance and senior leadership executives with the standards and best practices to help organizations measure, manage and report on information risk from the business perspective.

3:00 pm

Employer Data Breach Liability: The Employee as a Threat Vector

Learn 6 big decisions organizations must make in response to insider threat

According to a 2014 IBM study, 31.5% of all cybersecurity incidents were perpetrated by malicious insiders, and 23.5% resulted from the activities of non-malicious insider threats. In 2017, statistics reported by the MIT Sloan Interdisciplinary Consortium showed that between 67% and 80% of cybersecurity incidents were linked to persons with legitimate access to the breached data infrastructure. A 2018 Ponemon Institute report confirms that this upward trend is not abating, as 64% of successful cyber attacks resulted from privileged user negligence, with another 23% being perpetrated by malicious insiders – a total of 87% of all incidents. Education having failed in many instances, with criminals becoming ever more sophisticated, and with the return on investment for perimeter defenses becoming slight, perhaps employers should consider their employees threat vectors and not innocent victims in cybercrime.

3:00 pm

SecureWorld PLUS Part 2 - How to Build the Future: A Deep Dive into Artificial Intelligence, Blockchain, and Preparing Your Organization for 5-10 Years Ahead

In this workshop, you will learn about two of the most important technologies shaping our future, Artificial Intelligence and Blockchain technology. You will then learn how to use the Futurecasting process to model, plan, and build future experiences, including some that are a built around AI and Blockchain. While it does discuss some technical topics at a high level, this workshop is open and accessible to anyone and everyone. Sign up today to boost your knowledge on both AI and Blockchain, and to learn new techniques that will enable you to imagine, plan and build the future.

Artificial Intelligence: How AI will reshape every business, including yours
Artificial intelligence (AI) is a profoundly important set of technologies that are already shaping the way we live our lives, and the ways that businesses operate. As the second era of computing, AI will have as profound of an effect on business and society as did electrification and traditional digital computers. Over the next decade, AI will transform all our lives and will reshape every industry. AI will power autonomous vehicles, smart robots, drones, virtual assistants, and chatbots. It will manage our smart cities, power sentient factories, and oversee our smart energy grids. AI will turbo-charge medical diagnosis, revolutionize customer service, and aid in the discovery of new materials and new pharmaceuticals. AI will reshape every business process, and could reshape the structure of every team. The HR Director and CIO of every company will need to become best friends as IT and HR co-own a blended human-machine labor force. Every IT person needs to understand the capabilities, limitations, and implications of artificial intelligence, no matter their level of technical acumen. This session explains what Artificial Intelligence is and how it can be used. Attendees will then review the main concepts of AI: artificial neural networks, deep learning, supervised learning, unsupervised learning, reinforcement learning, and generative adversarial networks. Finally, the session will explore how AI may develop in the future, and how it will require a rethinking of every workflow, and every workplace.

Blockchain beyond crypto-currencies: Your foundation to create new business value

Crypto-currencies like Bitcoin are just one of the many applications that can be built on top of Blockchain technology. Blockchain has rapidly become a valuable platform for new value creation across a wide range of industries. Heavyweights like IBM, Walmart, Accenture, Intel, and Bank of America are all placing big bets in this area. Over the last thirty years, we have moved from the client-server era, through the cloud computing era, and now with Blockchain to the era of distributed applications. Blockchain technology removes the need for central authorities, creates trust in a trestles world, reduces transaction costs, and dramatically improves traceability. In this session, you’ll cover Blockchain basics, understand why Blockchain technology is so disruptive, and learn how distributed applications (dApps) enable a new innovation paradigm that brings with it new funding and collaboration models. You’ll then look at examples of how Blockchain is already being used to solve problems in a wide range of industries, from real-estate to supply chain, and healthcare to energy. Be sure that you are prepared to take full advantage of the increased levels of trust, privacy, traceability, and data security made possible by Blockchain technology. Every IT person needs to understand the implications of this technology to their business.

Futurecasting Workshop

In this workshop, you’ll learn all the main steps of the Futurecasting process, a proven foresights process developed by futurist, Brian David Johnson. You will then practice each of these major steps—trend synthesis, personas, rapid futurecasting, science fiction prototyping, and backcasting—and start to develop some plans for the future. Some of these plans will build upon what you learned during the two morning sessions focused on AI and Blockchain. In addition to using Rapid Futurecasting to design simple experiences that you may wish to create, you will also consider the investments, partnerships, R&D effort, and talent plans you might need to succeed. “The best way to predict the future is to design it”. So said engineer, inventor, and futurist Buckminster Fuller. Similar statements have been credited to Alan Kay, Peter Drucker, and even Abraham Lincoln. The bottom line is that in order to seize a leadership position in any market, a company needs to take an active role in defining the future that they want to build, and then develop a comprehensive plan to build that imagined future. Attend this workshop to learn how to deploy the Futurecasting process at your company, or perhaps in your own life, as a way to help you model, plan, and then build the future that you want.

3:00 pm

SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework

The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

This innovative education and training program includes the following key elements:

An introduction to the key components of the NIST Cybersecurity Framework

How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy

An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications

How to use the framework to protect critical information assets

A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program

A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

The class will help individuals and organizations acquire knowledge, skills and abilities to:

Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment

Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework

Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed

Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps

Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps

Identify required workforce skills and develop career pathways for improving skills and experience

About the Instructor – Larry Wilson:

Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017

Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation

Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years

Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

There are several courses which teach insider threat program development. While the methods and controls taught are very comprehensive and effective, often-times they can also be bypassed.

Learn how the controls of your current security program can be bypassed by utilizing routine IT procedures. Will also show how to identify business processes which can contribute to insider threats. Learn how to enhance procedures required to identify insider threat exposures.

This program is designed to help organizations identify existing critical controls needed to develop an Insider Threat Program using a white hat hacking methodology.

A series of live demonstrations will be performed to show the white hat hacking techniques used to bypass various controls.

Learning Objectives:

Learn the methodologies utilized by individuals within the organization that would be defined as insider threat activity.

In this workshop, you will learn about two of the most important technologies shaping our future, Artificial Intelligence and Blockchain technology. You will then learn how to use the Futurecasting process to model, plan, and build future experiences, including some that are a built around AI and Blockchain. While it does discuss some technical topics at a high level, this workshop is open and accessible to anyone and everyone. Sign up today to boost your knowledge on both AI and Blockchain, and to learn new techniques that will enable you to imagine, plan and build the future.

Artificial Intelligence: How AI will reshape every business, including yours
Artificial intelligence (AI) is a profoundly important set of technologies that are already shaping the way we live our lives, and the ways that businesses operate. As the second era of computing, AI will have as profound of an effect on business and society as did electrification and traditional digital computers. Over the next decade, AI will transform all our lives and will reshape every industry. AI will power autonomous vehicles, smart robots, drones, virtual assistants, and chatbots. It will manage our smart cities, power sentient factories, and oversee our smart energy grids. AI will turbo-charge medical diagnosis, revolutionize customer service, and aid in the discovery of new materials and new pharmaceuticals. AI will reshape every business process, and could reshape the structure of every team. The HR Director and CIO of every company will need to become best friends as IT and HR co-own a blended human-machine labor force. Every IT person needs to understand the capabilities, limitations, and implications of artificial intelligence, no matter their level of technical acumen. This session explains what Artificial Intelligence is and how it can be used. Attendees will then review the main concepts of AI: artificial neural networks, deep learning, supervised learning, unsupervised learning, reinforcement learning, and generative adversarial networks. Finally, the session will explore how AI may develop in the future, and how it will require a rethinking of every workflow, and every workplace.

Blockchain beyond crypto-currencies: Your foundation to create new business value

Crypto-currencies like Bitcoin are just one of the many applications that can be built on top of Blockchain technology. Blockchain has rapidly become a valuable platform for new value creation across a wide range of industries. Heavyweights like IBM, Walmart, Accenture, Intel, and Bank of America are all placing big bets in this area. Over the last thirty years, we have moved from the client-server era, through the cloud computing era, and now with Blockchain to the era of distributed applications. Blockchain technology removes the need for central authorities, creates trust in a trestles world, reduces transaction costs, and dramatically improves traceability. In this session, you’ll cover Blockchain basics, understand why Blockchain technology is so disruptive, and learn how distributed applications (dApps) enable a new innovation paradigm that brings with it new funding and collaboration models. You’ll then look at examples of how Blockchain is already being used to solve problems in a wide range of industries, from real-estate to supply chain, and healthcare to energy. Be sure that you are prepared to take full advantage of the increased levels of trust, privacy, traceability, and data security made possible by Blockchain technology. Every IT person needs to understand the implications of this technology to their business.

Futurecasting Workshop

In this workshop, you’ll learn all the main steps of the Futurecasting process, a proven foresights process developed by futurist, Brian David Johnson. You will then practice each of these major steps—trend synthesis, personas, rapid futurecasting, science fiction prototyping, and backcasting—and start to develop some plans for the future. Some of these plans will build upon what you learned during the two morning sessions focused on AI and Blockchain. In addition to using Rapid Futurecasting to design simple experiences that you may wish to create, you will also consider the investments, partnerships, R&D effort, and talent plans you might need to succeed. “The best way to predict the future is to design it”. So said engineer, inventor, and futurist Buckminster Fuller. Similar statements have been credited to Alan Kay, Peter Drucker, and even Abraham Lincoln. The bottom line is that in order to seize a leadership position in any market, a company needs to take an active role in defining the future that they want to build, and then develop a comprehensive plan to build that imagined future. Attend this workshop to learn how to deploy the Futurecasting process at your company, or perhaps in your own life, as a way to help you model, plan, and then build the future that you want.

8:00 am

SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework

The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

This innovative education and training program includes the following key elements:

An introduction to the key components of the NIST Cybersecurity Framework

How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy

An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications

How to use the framework to protect critical information assets

A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program

A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

The class will help individuals and organizations acquire knowledge, skills and abilities to:

Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment

Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework

Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed

Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps

Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps

Identify required workforce skills and develop career pathways for improving skills and experience

About the Instructor – Larry Wilson:

Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017

Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation

Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years

Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

There are several courses which teach insider threat program development. While the methods and controls taught are very comprehensive and effective, often-times they can also be bypassed.

Learn how the controls of your current security program can be bypassed by utilizing routine IT procedures. Will also show how to identify business processes which can contribute to insider threats. Learn how to enhance procedures required to identify insider threat exposures.

This program is designed to help organizations identify existing critical controls needed to develop an Insider Threat Program using a white hat hacking methodology.

A series of live demonstrations will be performed to show the white hat hacking techniques used to bypass various controls.

Learning Objectives:

Learn the methodologies utilized by individuals within the organization that would be defined as insider threat activity.

This presentation will help alleviate the mystery of soft skills. As employers struggle attracting and retaining cybersecurity personnel, it is important that employees feel appreciated and work through the stress associated with this environment. Utilizing this presentation as a springboard to greater understanding from both sides of management, attendees will walk away with: 1) What are the top IT soft skills; 2) How to create an environment of inclusion; 3) Real-world examples of how to implement and use soft skills to land that next promotion or job; and 4) Stress management in today’s cybersecurity field.

In today’s business landscape, privacy will make you more innovative and become your competitive advantage. Transparency is the key to long-term mutually beneficial relationships with your customers. In this session, we’ll cover the latest GDPR updates, the road to CCPA compliance and offer practical steps on how to integrate privacy within the security culture of your company.

If you don’t have your customer’s best interests at heart, your competiton will. This means caring enough to stay on top of the latest privacy trends and how to make a sustainable privacy program to keep your customer’s trust.

Grow your personal influence, your leadership possibilities and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Lead by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.

9:00 am

Exhibit Floor Open

Registration Level:

Open Sessions

9:00 am - 3:00 pm

Location / Room: Exhibitor Floor

This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

Numerous “wicked” problems, to include cyber defense, face our society today that cannot be solved through normal techniques. This presentation focuses on elements of military planning methods designed for such problems, and how they relate to your network defense planning and execution.

10:15 am

Conference Break / Exhibitor Product Demonstration

Registration Level:

Open Sessions

10:15 am - 11:15 am

Location / Room: Exhibitor Floor

Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

Security professionals have the ability every day to secure a business right out of business. Locking down controls so tightly that nothing can be done is just as bad for business as having no controls at all. The “Reasonable Person Test” is often used in legal matters, and should also be considered in security and data protection. In a corporation’s risk appetite there is a fine line between “risky” and “stupid,” and it is up to security professionals to make sure that there is a recovery plan for after “risky”‘ and that “stupid” is avoided.

Pursuit of security compliance certifications can be challenging. Actively engaging engineering teams
and enthusiastic participation by all stakeholders is crucial for the success. This talk will focus on
actionable ideas to convince all stakeholders about the importance of efforts for security & compliance.

This seminar will discuss the Internet of Things (IoT) and the related legal problems. The speaker will discuss privacy, security, and the applicable state and federal regulations. The speaker will discuss the technology behind the Internet of Things and how it has affected different industries. The speaker will assess the current legal ramifications. The audience will learn about the legal and technical issues and the various court cases.

Every organization is concerned with third-party risk. No one wants to be the next Target breach. This session will examine the components of third-party risk management and give you some leading practices on how to develop a workable and sustainable process.

As cybersecurity experts, our overall goal is to protect the confidentiality, preserve the integrity, and promote the availability of data for authorized use—all without inhibiting the business from meeting its objectives. But what about the times when we must say “no” for various reasons? This interactive session focuses techniques for having a diplomatic “crucial conversation” with the business when a request just can’t be approved.

Do you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!

1:15 pm

Panel: Shifting Landscape of Attack Vectors

Registration Level:

Open Sessions

1:15 pm - 2:15 pm

Location / Room: Keynote Theater

If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.Panelists:
RJ Sudlow, DHG
Mike Van Doren, Sonatype
Jerrod Piker, Check Point Security
Matthew Farr, Varonis
Kevin Clark, SayersModerator: Jow DiBiase, Interface

1:15 pm

Panel: The Battle for the Endpoint Continues (Endpoint Security)

Registration Level:

Open Sessions

1:15 pm - 2:15 pm

Location / Room: Ballroom C

What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V. Maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.Panelists:
Jorge Alago, Veristor
Tom Callahan, ControlScan
Dave Vance, Comodo
Ron Coe, Jazz Networks
Mark Hubbard, Code42Moderator: Kelvin Arcelay

2:15 pm

Conference Break / Exhibitor Product Demonstration

Registration Level:

Open Sessions

2:15 pm - 3:00 pm

Location / Room: Exhibitor Floor

Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

2:30 pm

Dash for Prizes & CyberHunt

Registration Level:

Open Sessions

2:30 pm - 2:45 pm

Location / Room: Exhibitor Floor

Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

A presentation about crypto assets and why they will be important in your future.

Keynote & Speaker Information

SecureWorld Atlanta

May 29-30, 2019

Exhibitors

ACP Atlanta

Booth: TBD

The Atlanta Chapter was formed in August of 2006. It includes Continuity Professionals from all areas of the Business Community and the Public Sector. As ACP’s local presence in the Atlanta metro region, our chapter embraces and seeks to promote the mission and goals of the parent organization. Being a member of the Atlanta Chapter of ACP brings many benefits:
• The opportunity to network with experience individuals who often have addressed some of the same challenges you face in your organization.
• The opportunity to hear real examples of solutions that have been implemented in other organizations.
• The opportunity to network for career opportunities.

ARMA Atlanta

Booth: TBD

ARMA International is a not-for-profit organization representing the RIM profession. Its primary purpose is the advancement of the profession and the professional through advocacy, education and professional development.

ARMA International members include records and information managers, MIS and ADP professionals, imaging specialists, archivists, hospital administrators, legal administrators, librarians, corporate counsel, compliance professionals, and educators. ARMA, its chapters, and its members are dedicated to helping individuals, organizations, and government agencies successfully meet the challenges of the increasingly complex records and information management field.

BackBox

Booth: 248

BackBox is the leading provider of Intelligent Automation for all Network and Security devices. BackBox provides the ability to schedule automated backup and storing of device configurations, single-click recovery, real-time inventory management, custom task automation, and pre-emptive health checks for all your critical devices on the network.

Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

Bitglass

Booth: 250

Your company’s move to the cloud delivers flexibility and cost savings, but that doesn’t mean you should lose control of your data. Bitglass’ Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.

Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.

BitSight Technologies

Booth: 200

BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company’s Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third party risk, benchmark performance, and assess and negotiate cyber insurance premiums.For more information, please visit www.bitsighttech.com or follow us on Twitter (@BitSight)

Check Point Security

Booth: 204

Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

Code42 is the leader in information security. We secure more than 50,000 organizations worldwide, including the most recognized brands in business and education. Because Code42 can secure every version of every file, we offer security, legal and IT teams total visibility and recovery of data–wherever it lives and moves.

Comodo Cybersecurity

Booth: 214

In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

Headquartered in Charlotte, NC, DHG ranks among the top 20 public accounting firms in the nation. With more than 2,000 professionals in 13 states, we combine deep experience with a strong commitment to personal service. We are passionate about helping our clients succeed—and we do so through a resourceful approach to solving problems, providing solutions and helping our clients achieve their goals.

Dedicated client focus and relationships have been and always will be our touchstone. Here at DHG, you’ll receive personalized service provided by a team of professionals who are eager to share their knowledge and experience with you. We draw on our extensive resources to combine comprehensive assurance, tax and advisory services.

Digital Resolve

Booth: 212

Since 2004, Digital Resolve has delivered solutions that help companies maintain trust and confidence among their audiences through proven and cost-effective fraud-protection and identity intelligence technology. The Digital Resolve platform provides the industry’s only solution that couples its proprietary and substantiated multifactor authentication (MFA) and behavioral monitoring technology with its own single sign-on (SSO) capabilities to deliver proactive protection that secures online accounts, information and transactions―from login to logout. For nearly 15 years, enterprises across a number of industries, from financial services to fast-growth technology to small- and medium-sized businesses to healthcare, have benefitted from having a single, easy-to-deploy solution that provides comprehensive security for online users.

EC-Council

Booth: TBD

International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

Egnyte

Booth: 262

Egnyte delivers the only secure content management platform that is built specifically for businesses. Egnyte gives IT centralized control and protection over their files, and users fast access to their content regardless of file size, device or location.

With Egnyte, customers can finally retire expensive legacy infrastructure to transform their IT spend. Our unique, business-first architecture delivers content with guaranteed performance- from the largest files to the most remote locations- without sacrificing the unified control absent from today’s cloud sync and share apps. Unparalleled protection capabilities help customers stay on top of business-critical content, achieve compliance with minimal IT oversight, and keep pace with the dynamic regulatory landscape.

More than 16,000 of the world’s most demanding businesses rely on Egnyte. Egnyte is headquartered in Mountain View, CA, with customers in more than 120 countries around the globe.

Endgame

Booth: 200

Organizations spent $75 billion on security last year, yet they still face breaches at an alarming rate. Endgame exists to transform that paradigm and not accept breaches as the status quo.

To solve these challenges, we can’t apply the same people, processes and technology and expect different results.

We bring to bear the best across enterprise tech, security domain expertise, data science, user experience, and academia to challenge the industry-standard of what makes a good security product.

That’s what we’re doing everyday at Endgame.

enSilo

Booth: 260

enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.

Garland Technology

Booth: 240

Garland Technology provides the foundation to network visibility with a range of network TAPs and packet brokers. Our products deliver effective physical layer access for in-line and out-of-band monitoring solutions providing you access and visibility to see every bit, byte, and packetⓇ.Let us design your visibility plane, connecting your network and security tools.

Gigamon

Booth: 200

Gigamon is leading the convergence of network and security operations to reduce complexity and increase efficiency of security stacks. Our GigaSECURE® Security Delivery Platform is a next generation network packet broker that makes threats more visible – across cloud, hybrid and on-premises environments, deploy resources faster and maximize the performance of security tools.

Global Cyber Alliance

Booth: TBD

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

GuidePoint Security LLC

Booth: 200

GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

InfraGard Atlanta Members Alliance (IAMA) is a non-profit organization serving as a public-private partnership among U.S. Businesses, individuals involved in the protection and resilience of the U.S. critical Infrastructure and the Federal Bureau of Investigation.

InfraGard National Members Alliance (INMA), which consists of local InfraGard Members Alliances (IMAs) throughout the country. An InfraGard “chapter” refers to the local FBI, the local IMA, and the local InfraGard members working together.

IAMA is the Atlanta chapter of InfraGard. It is a local association of persons who represent businesses, academic institutions, state and local law enforcement agencies, non-profit organizations and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.

Insight

Booth: 242

Insight is a leader in providing smart, cutting-edge technology solutions for global organizations of all sizes. From developing unique strategies to delivering the products, services and expertise, we’ll help your business run more efficiently and modernize through Insight Intelligent Technology Solutions™.

ISACA Atlanta

Booth: TBD

The aim of the ISACA Atlanta Chapter is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help further promote and elevate the visibility of the IT audit, risk, control and security professions throughout the local area.

Nearing its 50th year, ISACA is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its half-million engaged professionals in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology.

(ISC)2 Atlanta

Booth: TBD

(ISC)² Atlanta chapter encompasses the Atlanta Metro area. Our chapter program provides members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resource and educational programs to keep our members informed of the latest advances in technology and techniques.

Our mission is to advance information security in local communities throughout Atlanta, Georgia, by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects. ​

ISSA Metro Atlanta Chapter

Booth: TBD

The ISSA Metro Atlanta chapter has developed over the years into one of the largest ISSA chapters worldwide and the largest IT Security organization in the Metro Atlanta area. The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

Ixia, a Keysight Business

Booth: 206

We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

Jazz Networks

Booth: 226

Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.

Lockpath

Booth: 246

Lockpath is a software company bringing order to the chaos of managing risk. From SMB to enterprise, our risk management platforms flex and scale to existing processes enabling customers a straightforward approach to identify, understand, manage and report on risk.

nCipher

Booth: 232

nCipher Security, a leader in the hardware security module (HSM) market, empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications, IoT, blockchain and digital payments

NiX

Booth: 262

NiX is the world’s first distributed privacy management platform built for addressing shortfalls of current data sharing platforms such as social media by using a truly unique architecture. Consumers have real time control over their content’s privacy with full visibility of its usage throughout its lifecycle. Moreover, NiX delivers this capability to market using a scalable platform architecture that is easy to consume for developers allowing ubiquitous adoption while keeping NiX blind to consumers’ content cryptographically.

Okta

Booth: 210

Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

Optiv

Booth: 228

The world’s most trusted and reputable security solutions integrator, Optiv enables its clients to realize stronger, simpler and less costly cyber security programs. The company combines decades of real-world business, security strategy and technical experiences with in-depth security products knowledge to bring order to the cyber security chaos.

Preempt Security

Booth: 234

Preempt delivers a modern approach to authentication and securing identity in the Enterprise. Using patented technology for Conditional Access, Preempt helps Enterprises optimize Identity hygiene and stop attackers and insider threats in real-time before they impact business. Preempt continuously detects and preempts threats based on identity, behavior and risk across all cloud and on-premises authentication & access platforms. This low friction and more prescriptive approach empowers security teams more visibility & control over accounts and privileged access, achieve compliance and auto-resolve incidents. Learn more: www.preempt.com.

ProcessUnity

Booth: 256

ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.

Pulse Secure

Booth: 216

Pulse Secure provides easy, comprehensive software-driven Secure Access solutions for people, devices, things and services that improve visibility, protection and productivity for our customers. Our suites uniquely integrate cloud, mobile, application and network access to enable hybrid IT in a Zero Trust world. Over 20,000 enterprises and service providers across every vertical entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance.

RedSeal

Booth: 238

At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust. We do this by becoming the measure by which every organization can quantify its digital resilience. As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?” Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

Sayers

Booth: 254

At Sayers, we have more than 30 years of experience in providing personalized IT services and solutions. We bring an in-depth knowledge of the most innovative technologies which allows us to diagnose your problems, create a personalized plan, and implement the exact solutions to help your business overcome its most difficult IT challenges. Sayers mission is to help clients solve their business challenges with innovative IT solutions. Our success is founded on building strong relationships with our clients and going above and beyond to help those clients succeed.

Security Innovation

Booth: 266

For almost two decades, global clients have trusted Security Innovation to help them learn how to defend software applications and sensitive data from cyber-threats and attacks. We understand the challenges facing today’s enterprise, where reputation and customer trust is on the front lines. That’s why we continually work to discover and overcome the latest security threats with our Centers of Excellence, and integrate this knowledge into every training and assessment solution we deliver.

Siemplify

Booth: 220

The Siemplify team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis, management and operations and are backed by experts in data science and applied mathematics.

WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them in rapid decision making.

Sonatype

Booth: 208

Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally

SSH Communications Security

Booth: 270

As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki. For more information, visit www.ssh.com

Synopsys

Booth: 218

Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

TAG

Booth: TBD

It’s a new world for tech, and the Technology Association of Georgia (TAG) has emerged as a world-class membership organization and an engine for economic development for the state of Georgia. TAG’s mission is to educate, promote, influence and unite Georgia’s technology community to foster an innovative and connected marketplace that stimulates and enhances Georgia’s tech-based economy.

TAG TODAY:
35,000+ Members
2,000+ Member Companies
200+ Events per year
33 Societies

TechTarget

Booth: TBD

TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

Tufin

Booth: 254

As the market leader of award-winning Security Policy Orchestration solutions, Tufin provides enterprises with the ability to streamline the management of security policies across complex, heterogeneous environments. With more than 2,000 customers, Tufin automatically designs, provisions, analyzes and audits network security configuration changes – from the application layer down to the network layer – accurately and securely. It assures business continuity with a tight security posture, rapid service delivery and regulatory compliance across physical, private, public and hybrid cloud environments.

Varonis

Booth: 200

Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

Veristor

Booth: 258

At VeriStor, we design, implement and manage IT solutions that fuel business productivity. As an end-to-end solutions provider, VeriStor specializes in enterprise data storage, virtual infrastructure, public, private and hybrid cloud services, migration, and technology financing. Headquartered in Atlanta, VeriStor delivers solutions nationwide to enterprise and mid-market companies in all industries including financial services, manufacturing, healthcare, education and federal, state and local government. To learn how VeriStor can help you achieve an IT infrastructure that accelerates business growth, improves efficiencies and reduces costs, visit: http://www.veristor.com

Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.

Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

Mike Muscatell

Information Security Advisor, Enterprise IT Solutions

Mike Muscatell is a seasoned IT veteran with more than twenty years in the Information Security field. He is a certified ethical hacker. Was honored as top 100 professionals in the Information Security Field by Strathmore's for 2014. Member of a number of security organizations including Infragard, US Chamber of Commerce Cyber Committee.

Rebecca Rakoski is co-founder and managing partner at XPAN Law Group, a certified Women Owned boutique law firm. Rebecca focuses her practice exclusively on cybersecurity and data privacy. She has extensive experience in all aspects of cybersecurity, data privacy and cross border data transfer issues. Rebecca performs in-depth cybersecurity assessments and audits in accordance with regulatory requirements. Rebecca counsels clients through a breach by navigating the complexities of different state and federal regulations. Rebecca also performs cybersecurity and data privacy due diligence in M&A transactions, protecting intellectual property, and even transition and succession planning.

Justin Daniels is a thought leader in cybersecurity who believes cybersecurity must be treated by the c-suite as a strategic enterprise business risk. He provides strategic advice to companies to help them understand cyber risk and create a comprehensive approach to address it. Justin is general counsel to one of the largest enterprise data centers in the country dedicated to the development of blockchain technologies that is headquartered in College Park, Georgia. He also speaks regularly on topics that include blockchain, cryptomining and AI as well as conducting realistic cyber breach incident response tabletop exercises. He completed the MIT Sloan School of Management course entitled "Blockchain Technologies: Business Innovation and Application" in December 2018. He brings a cyber lens to business and legal issues in mergers and acquisitions, investment capital transactions and related due diligence matters, information security plans, incident response plans, vendor and customer contracts and cyber insurance. Justin is an attorney with Baker Donelson, where he is a corporate attorney who specializes in M&A and other business transactions.

Graeme Payne has over 30 years' experience in security and information technology risk consulting and IT management. He spent the majority of his career at Ernst & Young prior to joining Equifax in 2011 as VP of IT Risk & Compliance. At the time of the 2017 Equifax data breach, he was CIO of Global Corporate Platforms. He now consults with Boards of Directors and executive teams on cybersecurity. Graeme is a CISSP, CISM, and CISA.

Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.

Tamika Bass

CISO, Georgia Department of Public Health

Tamika Bass is the Chief Information Security Officer for Georgia Department of Public Health. Her expertise includes assessing and mitigating risk, analyzing impacts, business continuity and disaster recovery planning. Tamika focuses on building cohesive relationships with all levels of staff, management, and suppliers. She holds a Master in Business Administration and a Master in Information Systems Management. She is an adjunct professor and is a Certified Information Security Auditor (CISA). Tamika is also certified in Risk and Information Security Controls (CRISC) and a Certified Business Continuity Planner (CBCP).

James Baird

Founder and Manager, Cybersecurity Management Consultants, LLC

As a CISO, James has seen his role oversee all the programs and processes involved with Information Security, Operational Security, Technology Risk Management, and IT Compliance, . He has designed and implemented security programs using the ISO 27001, NIST RMF, NIST ICTSCRM, NIST CSF, and ITIL. James holds a Master of Science degree in Information Assurance (MSIA) and maintains the CISSP, CISM, CIPM, and several other Security-related certifications.

Rebecca Rakoski is co-founder and managing partner at XPAN Law Group, a certified Women Owned boutique law firm. Rebecca focuses her practice exclusively on cybersecurity and data privacy. She has extensive experience in all aspects of cybersecurity, data privacy and cross border data transfer issues. Rebecca performs in-depth cybersecurity assessments and audits in accordance with regulatory requirements. Rebecca counsels clients through a breach by navigating the complexities of different state and federal regulations. Rebecca also performs cybersecurity and data privacy due diligence in M&A transactions, protecting intellectual property, and even transition and succession planning.

Terry has over 25 years' experience in the information security field with work ranging from security architecture, pen testing, operations, auditing, risk management, disaster preparedness and compliance. His roles have ranged from white-hat hacker up to CISO for billion dollar companies. Terry has achieved the CISSP (Certified Information System Security Practitioner) designation as well as having completed his Master's degree in Information Security from DePaul University. He has spoken on cybersecurity topics to groups all over the country and as far away as Germany.

Timothy L. Callahan, CISSP, CISM, CRISC Senior Vice President, Global Security; Chief Security Officer Tim Callahan joined Aflac in 2014, bringing more than 30 years of experience in information and physical security, business resiliency and risk management. He was promoted to his current role in January 2016, where he is responsible for directing Aflac’s global security strategy and leading the information security, business continuity and disaster recovery functions across the company to prioritize security initiatives and allocate resources based on appropriate risk assessments.

Phillip Mahan

Lifetime Member, American Society of Digital Forensics and EDiscovery

Phillip loves to tell stories and has decades of experiences in Security, Privacy, and Technology, to use for tales. With enough letters to fill a full serving of Alphabet soup (although mostly ‘C’s, ‘I’s, ‘P's and ’S’s) he walks through data protection and privacy with an eye to making the world a better place for data to live.

Barry Herrin is the Founder of Herrin Health Law, P.C., a boutique law practice located in Atlanta, Georgia. He regularly assists health care providers in all segments of the industry on health care operations and compliance, medical information privacy and confidentiality, cybersecurity, and data breach response. He is admitted to the bars of the District of Columbia, Florida, Georgia, and North Carolina. Mr. Herrin is a Fellow of the American College of Healthcare Executives, a Fellow of the American Health Information Management Association, and a Fellow of the Healthcare Information and Management Systems Society. He also holds a certificate in cybersecurity from Georgia Tech and has been recognized as a subject matter expert in health care by the Infragard National Member Alliance.

Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.

Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

Mike Muscatell

Information Security Advisor, Enterprise IT Solutions

Mike Muscatell is a seasoned IT veteran with more than twenty years in the Information Security field. He is a certified ethical hacker. Was honored as top 100 professionals in the Information Security Field by Strathmore's for 2014. Member of a number of security organizations including Infragard, US Chamber of Commerce Cyber Committee.

Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.

Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

Mike Muscatell

Information Security Advisor, Enterprise IT Solutions

Mike Muscatell is a seasoned IT veteran with more than twenty years in the Information Security field. He is a certified ethical hacker. Was honored as top 100 professionals in the Information Security Field by Strathmore's for 2014. Member of a number of security organizations including Infragard, US Chamber of Commerce Cyber Committee.

Protecting the integrity of information continues to be a strategic focus within Tasha's cybersecurity efforts. She has seen the impact of businesses being compromised by malicious threats, and shares how building contingency plans can be of value. Her approach is to align business processes with technical solutions to create powerful plans for sustainability.

Her experience detecting, responding to, and prevention of cyber threats in online environments, grants a unique perspective to ensure the security of information assets with industry accepted risk management tactics. In short, she leads a team to implement organizational awareness for cyber actors. Upon completing the Level 1 Anti-Terrorism Awareness training from the US Department of Homeland Security, she became even better positioned to create strategies for success—knowing WHAT to do is equally as important as HOW to do it.

Civically, Tasha has been involved with her community for over 30 years. She often shares her knowledge of the US Constitution and the public’s civic responsibility. As a requested speaker and panelist in business development initiatives, she is also eager to share her experiences and knowledge of her industry and her journey into business ownership.

Samantha Dutton

President , DuHart Consulting

Dr. Samantha Dutton is the President of DuHart Consulting where she works with her husband in addressing cybersecurity business needs, as it impacts the human factor. She is also an Associate Dean and the Director of the Social Work Program in the College of Social and Behavioral Sciences at the University of Phoenix. She is a Licensed Clinical Social Worker and holds a PhD in Social Work and Social Research. Dr. Dutton served over 25 years in the United States Air Force, retiring as Lieutenant Colonel. She held positions of Deputy Commander of Medical Operations at Mike O’Callaghan Military Medical Center as well as the Medical Squadron at Joint Base Lewis-McChord. She also commanded the Mental Health Clinic at Nellis Air Force Base. She has been the recipient of numerous Air Force level awards and was deployed in support of Operation Iraqi Freedom and Operation Enduring Freedom where she was the lone mental health practitioner for 2500 personnel. Dr. Dutton’s passions include military transition, single parents serving in the military and ensuring veterans have access to services. She has recently embarked on a venture with her husband to address the needs of the cybersecurity profession. She has presented in different forums surrounding these passions as well as publishing an article on single parents in the Air Force. Dr. Dutton created the military social work curriculum for online institution where she brought real world experience and research to the program. Dr. Dutton is married and has 4 children and a granddaughter.

Andrew Dutton is a leader in the cybersecurity industry with DuHart Consulting as the Principle Cybersecurity Architect. In previous roles, he has designed, implemented and overseen program development, control adoption, and strategic planning. He has developed programs for multiple organizations and excels as using a risk-based approach to ensure organizations have implemented the most effective solutions and processes. He implements cybersecurity into processes and not as a separate silo. Building a cybersecurity culture is a key fundamental for any program. Andrew has advanced expertise in the security and compliance space, including NIST, CIS, COBIT, ISO, ITIL, HIPAA, and other frameworks and programs in the IT strategic and tactical processes. He brings a street smart approach to intricate business problems in order to find secure solutions. He is also committed to developing human resources to get the job done.

Jodi Daniels

Founder & CEO & Privacy Consultant, Red Clover Advisors, LLC

Jodi Daniels, founder of Red Clover Advisors, is a Certified Informational Privacy Professional (CIPP/US) with more than 20 years of experience helping a range of businesses from solopreneurs to multi-national companies. Red Clover Advisors has helped hundreds of companies create privacy programs, achieve GDPR compliance, and establish a secure online data strategy their customers can count on. Prior to launching Red Clover Advisors in 2017, she most recently served as the privacy partner for Digital Banking and Digital Marketing at Bank of America and created the comprehensive privacy program at Cox Automotive. Jodi earned her BBA and MBA from Emory University Goizueta Business School.

Bruce Sussman is a life-long storyteller who spent 20 years on TV screens in Portland, Oregon, as a journalist and meteorologist, winning two regional Emmy awards for “Best Weather Anchor.” He still pops up on KATU News occasionally, but he’s more likely to be spotted now on a security podcast, moderating a panel discussion at a SecureWorld InfoSec conference, or leading a session on more powerful communication in a corporate environment. After a brief stint at Gartner working with CISOs, Sussman now leads cybersecurity writing and content for SecureWorld’s media division.

David Allen is the Chief Information Security Officer for the State of Georgia. He leads GTA’s Office of Information Security, which unifies information security responsibilities for the state’s IT enterprise, the Georgia Enterprise Technology Services (GETS) program, and GTA. Prior to joining GTA in 2019, David served as the Chief Information Officer and Chief of Cybersecurity for the Georgia Army National Guard. David holds a Master of Project Management from DeVry University and is a 1995 graduate of North Georgia College. He is set to earn a Master of Strategic Studies from the U.S. Army War College in July. In addition, David holds several key management and cybersecurity certifications, including Project Management Professional (PMP), Certified Information Security Manager (CISM), and GIAC Certified Enterprise Defender (GCED)

Phillip loves to tell stories and has decades of experiences in Security, Privacy, and Technology, to use for tales. With enough letters to fill a full serving of Alphabet soup (although mostly ‘C’s, ‘I’s, ‘P's and ’S’s) he walks through data protection and privacy with an eye to making the world a better place for data to live.

Ed has over 20 years of experience in information security, supply chain security, risk, compliance and mergers and acquisitions. Prior to joining Insight, he served as Chief Information Security Officer for Secure Digital Solutions, a consulting firm providing cyber security program strategy, enterprise risk and compliance, and data privacy. He also served as Business Information Security Officer for Target Corporation where he held strategic responsibility for information security risk identification, mitigation and management across the Stores and Finance/Retail Services technology and business portfolios. Ed has also served as an expert witness in several national data breach cases.

Salar Atrizadeh, Esq. is an attorney and information technology expert. He has an extensive background in computer information services, with a focus on database management systems. Salar has conducted seminars before legal and non-legal organizations on similar topics.

David Barton is a Managing Director with UHY Advisors and practice leader of the Internal Audit, Risk, and Compliance practice, which provides consulting and attestation services around information technology controls, cybersecurity, and compliance. He has over 25 years of practical experience in information systems and technology risk and controls. David is frequently asked to speak at national and regional events, such as SecureWorld and the Cloud Security Alliance Congress. He is the primary author of the CSA position paper on AICPA Service Organization Control Reports. He regularly provides his input and opinions for national publications such as Compliance Week, Accounting Today, and the Atlanta Journal Constitution. David holds an MBA and BS in Business Administration from Appalachian State University. He is Certified in Risk and Information Systems Control (CRISC), received the Certified Information Systems Auditor (CISA) designation in 1988, and is a member of the Atlanta chapter of the Cloud Security Alliance.

Tamika Bass

CISO, Georgia Department of Public Health

Tamika Bass is the Chief Information Security Officer for Georgia Department of Public Health. Her expertise includes assessing and mitigating risk, analyzing impacts, business continuity and disaster recovery planning. Tamika focuses on building cohesive relationships with all levels of staff, management, and suppliers. She holds a Master in Business Administration and a Master in Information Systems Management. She is an adjunct professor and is a Certified Information Security Auditor (CISA). Tamika is also certified in Risk and Information Security Controls (CRISC) and a Certified Business Continuity Planner (CBCP).

Colonel Mark Gelhardt is a retired Army combat veteran. While in the Army, Mark was selected to be the Chief Information Officer for The White House, supporting President Clinton with secure Automation and Telecommunication for over four and half years. Mark has over 40 years of experience in providing executive level management in Information Technology and Cybersecurity fields as a CTO, CSO, CIO, and CISO for several global companies. He is currently the VP of Global Technology Governance for US Bank. Mark is a published author and well-known keynote speaker.

Cameron Michelis

Sr. Director, Business Security Office, Automatic Data Processing

Cameron currently serves as Senior Director of the ADP Business Security Office, has over 20 years of experience in Information Security, Data Science and Incident Management. Cameron holds a BS in Mathematics from the University of Florida, multiple professional certifications and is a member of the SANS Institute GIAC Advisory Board.

Tim Chapman serves as ADP’s Director of Security Assurance, leading a team that provides security assurance to ADP’s North American clients. Prior to ADP, Tim’s expertise includes over 17 years of information security, operational risk management, business management, and process improvement experience. Additionally, Tim has been involved with several start-up organizations, including creating two companies and serving as their principal owner. Tim also served in the United States Marine Corps for four years. Tim holds a Bachelor of Business Administration degree from Florida Atlantic University and a Master of Business Administration degree from Georgia State University, where he majored in Information Systems. He also holds the CISSP, CISM, CRISC, and CIPP/US security and privacy certifications.

Michael is a corporate attorney with a strong background in intellectual property and business-oriented technology. As an Attorney with Trusted Counsel, Michael handles licensing and commercial agreement issues. He advises clients on IP and technology licensing, outsourcing and services agreements. He is responsible for negotiating complex technology transactions involving software licensing, data analytics services, cloud hosting services, R&D, data privacy and data security. He also manages a large volume and variety of other transactions, negotiates standard and complex corporate and commercial agreements, and balances legal and business risks for clients. He is currently spearheading Trusted Counsel's initiative to help its clients understand and comply with the European Union's GDPR and other recent privacy developments. He helps them to understand and map the data flowing in and out of their organizations, and then guides them through the process of updating their internal and external privacy policies, online terms and other third party agreements. Michael is a very seasoned attorney with 14 years of experience in the legal profession. Most recently, he served as Associate General Counsel in the Technology, Intellectual Property & Strategic Sourcing Group at New York Life Insurance Company, where he negotiated and drafted strategic and tactical technology agreements with all major suppliers as well as other related services agreements and routinely advised internal clients on technology- and privacy-related issues. He also served as the Legal Officer and Secretary of the New York Life Foundation. Prior to that, he was an Associate at a number of New York firms, among them Loeb & Loeb LLP; Patterson Belknap Webb & Tyler LLP; and Skadden, Arps, Slate, Meagher & Flom LLP. Michael graduated from Emory University with a B.A. in classics and French, followed by a Master of Arts degree in classical philology as well as Master of Philosophy and Doctor of Philosophy degrees from Yale University. He then earned his J.D. from Emory University.

Linda Marcone has 15+ years of Information Security, Governance, Risk & Compliance, and Fraud Prevention experience. Throughout her career, she has built and transformed Information Security Programs and Teams, worked with FBI & NCFTA to take down an international fraud ring (APT), promoted diversity in the workplace, and acted as a mentor. She is currently serving as Co-Chair for Gartner’s Evanta CISO community and InfraGard Board Member.

Linda joined Serta Simmons Bedding (SSB) in 2015 as the Head of Information Security. She is building the Information Security Program from the ground up for the $3B industry leader in bedding manufacturing and eCommerce. Prior roles include Governance, Risk ,and Compliance leader at Cox Communications, Information Security & Fraud Prevention Manager at AutoTrader.com, as well as Security Analyst and Security Engineering roles while at EarthLink.

Conference App and Microsite!

Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes